Adventures in IT

I'm running an nginx server with php5-fpm and was always getting mail in /var/mail/root telling me that the cronjob running usr/lib/php5/maxlifetime was throwing warnings. The warnings were that: PHP Warning:  Module 'mcrypt' already loaded in Unknown on line 0 To fix this I had a look at the file and noticed that it was looping through the various sapi methods and running a command.  The line in the shell script looks like this: for sapi in apache2 apache2filter cgi fpm; do if [ -e /etc/php5/${sapi}/php.ini ]; then So I removed the mcrypt extension from my apache2 php.ini (/etc/php5/apache2/php.ini) and now the maxlifetime shell script runs without throwing warnings.

If you're using a staging server to test your Wordpress changes then you'll be deploying Wordpress to a new domain once your test team gives the go ahead. Unfortunately this can break Wordpress quite badly.  All the links in your content are essentially hard coded into the database content table.  There are settings in the options table that help Wordpress with deciding on redirects. Here are three useful sql statements that will make your life a little easier when migrating.  You can include them as part of your scripted deploy or just run them manually if you don't deploy Wordpress often. Edit them to suit your domain configuration, but they'll help you to change the links and settings in your database to point to the new domain.

Adding new users to Ubuntu is easy because of the convenience tools that exist. Start with the command sudo useradd -d /home/testuser -m testuser This creates the user and sets up a default home directory.  The user doesn't have a password, but you could add one with passwd if you wanted to. Then create a directory .ssh in their home directory.  Create a file called authorized_keys in the directory and copy in contents of the users public key into it. Chown the .ssh directory (and file) to the user and chmod the file to 600.  The directory should be mode 700. Make sure that /etc/sshd_config is set up to deny logging in by password. If you want to set up their bash profile you can copy the ".profile" and ".bashrc" files to their home directory.  Remember to edit /etc/passwd and set their shell to bash. The user should be able to login using their public key by setting up their .ssh/config on their home machine. Host foo HostName server.ip.addres...

Microsoft Happiness I need to use a Windows server to deploy a program I'm busy writing. I kept on getting a problem with Apache starting up that prevented it from including the MS sql server pdo drivers. The message was: the program can't start because msvcp110.dll is missing from your computer. Try reinstalling the program to fix the problem and this usually relates to the Visual C++ Redistributable for Visual Studio 2012 package not being installed. I had previously installed this (it's available on the Microsoft site ) but was still getting the error. Eventually I stumbled on this topic on the Apache friends forum which advised to copy the msvcp110.dll file to both the \xampp\apache\bin and the \xampp\php directories. Apparently Apache wasn't able to follow the OS path to find the file.  In my case it was already in the php directory but not with the other binaries for Apache. After copying it there Apache restarted without errors and the PDO dr...

If your autoscaled images are not loading on Drupal then here are some steps to take to troubleshoot the problem. Firstly, if you have logging enabled then visit http://yoursite.com/admin/reports/dblog to see a list of the events. If you see events with the message "Unable to generate the derived image located at...." then check the permissions on your files directory.  This is usually /sites/default/files. Then check that the GD library is installed for PHP.  On Ubuntu you can install it with apt-get install php5-gd If you don't see any events then try opening the image url in a new tab on your browser to confirm that your web server is properly rewriting the request to index.php instead of trying to serve a file out of the directory. On Nginx you should consider using location blocks like this: # These next locations help with thumbnails - https://www.drupal.org/node/2374961 location @rewrite { rewrite ^/(.*)$ /index.php?q=$1 last; } ...

Reverse Proxy diagram from Wiki Commons We're currently hosting client sites on a Rackspace server and using their Load Balancer feature as a way to terminate SSL and not have to have multisite certificates. We only attach one node to the Load Balancer so we're paying for more than we're using.  My proof of concept is to use Nginx to terminate SSL certificates and proxy to the Apache server.  This will save us £ 225 per load balancer, and since we're using ten of them that's quite a significant saving. My first step was to spin up a free tier EC2 instance running Ubuntu 14.04 LTS.  I guess you can replace this with your favourite cloud or on-the-metal server. Then I installed my packages. These are the ones I remember so YMMV. sudo apt-get install nginx apache2 fail2ban php5-fpm mcrypt php5-mcrypt openssl php5-cli php5 libapache2-mod-php My network diagram is slightly different from the picture for this post in that the web server is hosted on the ...

Jenkins is pretty easy to secure with the help of some useful plugins. The first that I suggest using is an oAuth provider.  Our repositories are hosted on Bitbucket so I'm using their oAuth, but there is also a Github oAuth plugin.  The instructions to set up the plugin are very clear (see the plugin page ). When you're configuring your Jenkins to use the oAuth security remember to leave the Authorization setting to "logged in users can do anything" for now.  We'll change this later, but we don't want to get locked out of Jenkins when we apply the security settings. Now install the plugin Role Based Authentication Strategy (see the plugin page ). Add a new group called "Anonymous" and uncheck everything. When a user logs into the oAuth they'll be given a message by Jenkins saying that they don't have any permissions.  This means that not everybody with a Bitbucket account can access your site so thats a good thing. You just need ...